SANS ISC InfoSec Forums

We've had a few reports so far where people receive an SMS which asks them to check out a particular URL, which predictably contains something extra.

Currently the reports are from the UK and Germany.

The text of the SMS is typically along these lines " Someone posted your full personal and banking information at insert-bad-url-here website you must remove it now". The text does vary slightly in some of the samples seen.

The url typically has some badness in the form of a trojan. This particular one, which Holger alerted us to (thanks), contained a trojan called Ambler.

So keep an eye on your VoIP systems and some user education is probably also not a bad idea.